My home on the interwebs

May 29, 2014

Anonymity of Bitcoin

By: Michael Goetzman

Intuitively, we’re in a what could be described as an “anonymity battle” with governments agencies and corporations fighting digital citizens. This cyber battle has become a world where no data is private, making it nearly impossible to keeping your anonymity, financial or not, even in extreme circumstances. For example the creator of bitcoin, Satoshi Nakamoto, who has made extreme attempts to hide his identity is under consistent threat by media, governments (likely), and an ever powerful cypherpunk citizen population to acquire and potentially expose his true identity. Foreign Governments and the US government departments battle each other for more intelligence. How much anonymity exists in today’s world is coming to light as Edward Snowden’s documents are released by the press. One may need to depend on flooding every site with disinformation to throw off collection practices. The National Security Agency(NSA) keeps track of everything from internet protocols, traffic patterns, and who does what over the world wide web. Ultimately, this paper focuses on digital financial transactions. The closest thing we have to financial anonymity is the bitcoin protocol, not to be confused with bitcoin the p2p network. Only recently has the cypherpunk community realized that in addition to the p2p public ledger (the “Blockchain”, a decentralized source of truth that’s both secure and transparent), the protocol of bitcoin itself can be traced just like traditional data. The combination of both the bitcoin protocol and the public ledger opens up holes for anonymity potentially worse then traditional fiat currency.

The Bitcoin protocol project began in 2008 by the name of the pseudonymous person known as Satoshi Nakamoto. The Bitcoin protocol itself was designed to be private with the assumption that the user is using TOR, because the design team gives each individual user the ability to make an unlimited number of bitcoin storage holders called wallets. Each wallet is assigned an identification number which greatly represents a hash called, a bitcoin address. The first digit in any bitcoin address always begins with the number 1 (a few with 3, but outside the scope of this paper), while the private key begins with the number 5. The hashes are generated at random, so they have absolutely no ties to the user’s information. All that is required is the private key, and those who can match their public key with their private key, has access to that wallet’s bitcoins. At first, when the crypto-currency was still in its infancy, governments did not view the protocol as anything different from mmorpg or game currency, but now that it has expanded into a global exchange of wealth and its number of users have recently grown exponentially, the bitcoin protocol has proven to be a very powerful p2p protocol potentially capable of hiding sophisticated attempts at wealth transfers.

The cyberpunk community is now realizing that bitcoin transactions can be traced to an individual person based on information found in the blockchain’s public ledger and other sources. But how is that? Bitcoins under TOR are supposed to be anonymous and impossible to trace to their users. With the indecent at SilkRoad, an online market, the game changed following the founder being jailed and had his funds taken by the United States government. The SilkRoad was an online marketplace for illegal drugs which used bitcoin & .onion (requiring TOR) to further protect the user’s anonymity. The users traded their bitcoins for products then back into cash in US dollars via a bitcoin exchange. Because users are switching back into fiat currency, governments or banks can provide a very detailed account of information such as, bank account information, name, address, and so on. In the bitcoin network, every single transaction is written on a very large document called the blockchain(public ledger). Government officials had used the block chain to trace down first: where the coins had been sent to. Once they found out the coins had been sent to an exchange, the government subpoenaed banks for the information regarding accounts of who the wallet belonged to, and with that information accessed countless of other databases on the user to form a more complete picture. In the case of the Silk Road founder, the owner had coins stashed away in a local wallet on a specialty designed laptop that encrypts the harddrive on the action of closing the laptop lid. The government SWAT team was able to apprehend the user while in the midst of working, before the founder could physically close the laptop lid to protect himself from data forensics. His funds are now in the possession of the FBI.

Illegal activities such as these greatly discourage some users from even attempting investments into bitcoin. The simple fact that bitcoin is indeed a currency, people will do elicit things with it, people even do elicit things with the US dollar. Bitcoin is just a tool, criminals can already do bad things since they’re willing to break laws. Some argue is that cash in USD is still the best way to remain anonymous. In my opinion technically that statement is correct for any physical meeting, not necessarily the wealth unit itself . Trading cash has absolutely no record of being traded, bitcoin however does have evidence of the origin of a bitcoin, the destination of a bitcoin, and everything in between – IF they do not trade possession of the wallet’s private key. Since the bitcoin network has a public ledger, users have been combating privacy with “bitcoin”. This seems very ironic considering that bitcoin the protocol was based on the principal that all users are anonymous.  The biggest way that anonymity is broken in the bitcoin world today, is the fact that bitcoin exchanges collect information on their users and the bitcoin network publicly announces transactions. Therefore, tracking a person is as easy as referring to the blockchain by tracking the funds until it reaches an exchange, and then subpoenaing the user’s information. Users could add a level of complexity by creating transactions over regulatory borders. From that point law enforcement procedures find roadblocks and require additional assistance from foreign governments. It should also be noted that mapping bitcoin addresses to an IP address/MAC address of a router is also possible, so if a person or group of people or government agency wishes to find whoever owns a bitcoin address, it can be done, but that is outside the scope of this paper.

If one does wish to hide themselves, there is hope. You will find a few methods to make yourself ‘increasingly’ anonymous therefore to making it very difficult or near impossible to trace a bitcoin transaction to its origin. The company Blockchain.info has released their new service called SharedCoin. SharedCoin is a mixing service that mixes up your bitcoin transactions with approximately ten other bitcoin addresses. This service allows you to repeat this process up to ten times, the more repetitions that the user asks for the more difficult it becomes to trace the coins to their respective origin.  One downside is that if for some reason the transaction fails in between mixing, the funds sent could possibly be forever lost. The service is also advertised as open-source giving another level of assurance to the community. The blockchain website and Nakamoto himself also recommends using the TOR service or even a VPN (Virtual Private Network) or Proxy server. As noted above the TOR project is an anonymity network where users host servers to conceal their IP addresses from website which collect said information. In the sense of bitcoin the protocol, it is harder to find the origin of your bitcoins or your personal information when attempting to trace you by IP address because the trace would lead to the VPN/Proxy instead of the user.

Another way to stay anonymous is to use an eWallet as opposed to using a desktop client. Although it is better to safeguard your bitcoins using a desktop client, it will reveal your IP address to everyone else on the blockchain, making the origin of the transaction public. Using an eWallet also includes the risk of the eWallet service’s coins being stolen, just as Mt. Gox’s bitcoins were stolen in early 2014. The mail bitcoin website suggests the following if you choose to use the desktop client for storing bitcoins:

  1. “Set up a real external mixing service. Make it like an eWallet service but make sure that a user never withdraws the same coins that are put in. Also delete empty addresses and transaction logs.
  2. Even if you’re not a programmer, you can make a slightly less secure version of an external mixing service (as a Tor hidden service, preferably):
    • Set up two Bitcoin installations.
    • Put some amount of BTC in installation B. This is the maximum amount of BTC you can deal with at once (for all customers).
    • Customers send BTC to installation A. You send them an equal number of coins (or minus a fee) from installation B. Send as 10-50 BTC increments.
    • Send all coins from A to B when all orders are satisfied. You can’t send coins from A to B if you have any orders that have not been satisfied from B.
    • This can be automated, or you can do everything manually.
  3. Put lots of Bitcoins in an eWallet service and keep it there. If anyone uses the anonymization method described in “staying anonymous” above, this will enhance it. Send in smaller increments if a large amount is transferred.” (Anonymity- Bitcoin Wiki)

There is also the possibility that those who transact with a user could know who they are. For example user A asks user B  to work for them, after B completes their for and sends it to A, User A can now look at the funds they have given user B and trace them if they wish. This is very apparent in PayPal transactions for example. The bitcoin network with it’s public ledger is a very complex, yet interesting and experimental idea. It does however have its flaws and surprisingly enough, one of its biggest flaws, the public ledger, happens to be one of the best things about the crypto currency. Being anonymous in today’s world is nearly impossible, given enough resources an agency or individual can narrow down the search onto nearly all users. We should do all we can in order to protect our privacy, even if it involves bitcoin 2.0, an upgraded  crypto-currency based on anonymity. Why? Edward Snowden says it best “Your rights matter, because you never know when you’re going to need them.” I think the same applies to reasonable privacy.

Works Cited

“Anonymity.” – Bitcoin. N.p., n.d. (March 2014)
https://en.bitcoin.it/wiki/Anonymity

“Block Chain.” – Bitcoin. N.p., n.d. (March 2014)
https://en.bitcoin.it/wiki/Block_chain

Greenberg, Andy. “Founder Of Drug Site Silk Road Says Bitcoin Booms And Busts Won’t Kill His Black Market.” Forbes. Forbes Magazine (April 16, 2013 – March 07, 2014)
http://www.forbes.com/sites/andygreenberg/2013/04/16/founder-of-drug-site-silk-road-says-bitcoin-booms-and-busts-wont-kill-his-black-market

“Satoshi Nakamoto.” Wikipedia. Wikimedia Foundation (August 03, 2014 – March 07, 2014)<http://en.wikipedia.org/wiki/Satoshi_Nakamoto>.

“Shared Coin.” – Bitcoin. N.p., n.d. (March 07, 2014)
https://en.bitcoin.it/wiki/Shared_coin>